Main Flashcards

(281 cards)

1
Q

Prepending

A

Two separate definitions:
1. Making a message appear more trustworthy by adding text before the message, e.g. adding [SAFE] to the subject of an email.
2. URL hijacking technique where the attacker puts text at the beginning of their typosquatted URL, e.g. https://pprofessormesser.com/

2
Q

Pharming

A

Similar to phishing, but attacks DNS in order to redirect victims to your malicious site and harvest credentials.

3
Q

Pretexting

A

A fictitious scenario added to a conversation to make a request more believable. Used by attackers in social engineering.

4
Q

Hoaxes

A

A threat that doesn’t actually exist.
e.g. an email chain about a fake cyber attack

5
Q

Methods for identifying spam

A
  1. Allowed list, trusted senders
  2. SMTP standards checking, block emails that don’t meet RFC standards
  3. rDNS, reverse DNS, block email where the sender’s domain doesn’t match the IP address
  4. Tarpitting, intentionally slow down server conversation
  5. Recipient filtering, block all email not addressed to valid recipient email address
6
Q

Credential harvesting

A

Grabbing all the credentials stored on a PC, phone, etc

7
Q

Principles of Social Engineering

A
  1. Authority
  2. Intimidation
  3. Consensus / Social Proof
  4. Scarcity
  5. Urgency
  6. Familiarity / Liking
  7. Trust
8
Q

Types of malware

A
  1. Virus
  2. Crypto-malware
  3. Ransomware
  4. Worms
  5. Trojan horse
  6. Rootkit
  7. Keylogger
  8. Adware/Spyware
  9. Botnet
9
Q

Virus

A

Malware that can reproduce itself through file systems or the network. Key difference from worms: a virus requires user input to spread, like opening a malicious file.

10
Q

Worms

A

Malware that self-replicates across a network with no user interaction

11
Q

Crypto-malware

A

Newer generation of ransomware, pay the bad guys for your data back. This is what you think of when you think “ransomware”

12
Q

Ransomware

A

Malware that attempts to extort money from the target. May or may not encrypt data

13
Q

Trojan horse

A

Malware that pretends to be something else, e.g. rogue AV

14
Q

Rootkit

A

Malware that modifies core system files; can be invisible to the operating system and traditional AV.
e.g. malicious kernel drivers

15
Q

Rainbow tables

A

Optimized pre-built set of hashes

16
Q

Salt

A

Random data added to a password when hashing. Every user gets their own random salt. Stops rainbow tables. Slows down the brute force process. The same password will create different hashes depending on the salt.

17
Q

Machine learning attacks

A
  1. Poison the training data
  2. Find ways to evade the AI, e.g. holes in an AI-based IPS or IDS
18
Q

Birthday attack

A

Find a collision through brute force. Generate multiple versions of plaintext to match hashes.

19
Q

Downgrade attack

A

Attacker forces the system to use a worse form of encryption if it is supported.

20
Q

Replay attack

A

Gather network information with a tap, ARP poisoning, malware, or a protocol analyzer. Then resend the information collected to the server; maybe it will be accepted as valid.

21
Q

SSRF

A

Server-side request forgery. Attacker tells the web server to do something, and it does it. Caused by bad programming and not checking who sent the request.

22
Q

Shimming

A

Code that acts as an adapter for backwards compatibility. Often written by malware developers.

23
Q

Metamorphic Malware

A

Refactors itself to make it appear different each time. Intelligently redesigns itself.

24
Q

SSL Stripping / HTTP Downgrade

A

Attacker sits in the middle of the conversation between victim and server. Attacker essentially has all the encryption keys, so it can decrypt the HTTPS data, giving plaintext. Attacker reads everything, but the victim thinks he’s running HTTPS the entire time.

25
Bluejacking
Sending unsolicited messages to another device via Bluetooth
26
Bluesnarfing
Access a Bluetooth-enabled device and transfer data, e.g. contact list, calendar, email, pictures, video, etc.
27
Cryptographic nonce
Arbitrary number that is used only once in a cryptographic process. Usually a random or pseudo-random number or a counter. A salt is an example of a nonce.
28
Initialization Vector (IV)
Type of nonce. Used for randomizing an encryption scheme.
29
MAC Flooding
Filling up the MAC table on a switch, forcing out the legitimate MAC addresses. The switch will begin to flood out on all interfaces, turning the switch into a hub. Attacker can then easily capture all network traffic.
30
DNS poisoning
Modify the DNS server, changing it so that DNS lookups give the responses the attacker desires. Can be used to hijack domains, get victims to go to your malicious site, DoS.
31
URL Hijacking Techniques
  1. Typosquatting / brandjacking, takes advantage of poor spelling
  2. Outright misspelling
  3. Typing error
  4. Different phrase in URL
  5. Different top-level domain, e.g. .org instead of .com
32
Types of threat actors
  1. Insiders
  2. Nation states
  3. Hacktivists
  4. Script kiddies
  5. Hackers
  6. Shadow IT
  7. Organized crime
  8. Competitors
33
Broad categories of threat intelligence
  1. Open source
  2. Closed/proprietary
34
Threat intelligence sources
  1. Vulnerability databases
  2. Information-sharing centers
  3. Automated indicator sharing (AIS)
  4. Indicators of compromise (IOC)
  5. Predictive analysis
  6. Dark web intelligence
  7. File/code repos
  8. Threat maps
35
Automated Indicator sharing (AIS)
Enables real-time exchange of machine-readable cyber threat indicators through a server/client architecture for communications.
36
TTP
Tactics, techniques, procedures used by adversaries
37
Threat hunting
Find the attacker before they find you
38
Types of vulnerability scans
  1. Non-intrusive
  2. Intrusive
  3. Credentialed
  4. Non-credentialed
39
Syslog
Standard for message logging, needs a lot of disk space, used on central log collector integrated into the SIEM
40
SOAR
Security orchestration, automation, and response
  1. Orchestration - Connect many different tools together
  2. Automation - Handle security tasks automatically
  3. Response - Make changes immediately
41
Pentester's process
  0. Recon / footprinting
  1. Initial exploitation
  2. Lateral movement
  3. Persistence
  4. Pivoting
42
Security teams
  1. Red team
  2. Blue team
  3. Purple team - Red and blue working together
  4. White team - Refs
43
Baseline configuration
Established reference point for integrity measurement checks.
44
Data masking
Techniques used to obfuscate sensitive data
45
Data states
  1. At rest
  2. In transit - Over the network
  3. In use - In RAM
46
Tokenization
Replace sensitive data with non-sensitive placeholder
47
IRM
Information Rights Management. Technology used to limit the scope of what users can do with data, e.g. preventing copy/paste, screenshotting, printing, etc.
48
Site resiliency: Types of sites
  1. Hot - Exact replica
  2. Warm - Between hot and cold
  3. Cold - Electricity, building, not much else
49
DNS Sinkhole
DNS that hands out incorrect IP addresses
50
Types of cloud models
  1. IaaS, Infrastructure as a Service - Sometimes called hardware as a service
  2. PaaS, Platform as a Service - Someone else handles the platform, you handle development; no servers, no software, no maintenance team, no HVAC
  3. SaaS, Software as a Service - On-demand software, no local installation
  4. XaaS, Anything as a Service - Broad description of all cloud models
51
0 octal
000
52
1 octal
001
53
2 octal
010
54
3 octal
011
55
4 octal
100
56
5 octal
101
57
6 octal
110
58
7 octal
111
59
Data governance
Processes used by an organization to manage, process, and protect data. Used to ensure availability, readability, integrity, and security of data. Also, used to comply with external laws and regulations.
60
HIPAA
Health Insurance Portability and Accountability Act. A data governance regulation. Mandates that organizations protect health information.
61
GLBA
Gramm-Leach-Bliley Act. Data governance regulation that requires financial institutions to provide consumers with a privacy notice explaining what information they collect and how it is used.
62
SOX
Sarbanes-Oxley Act. Data governance regulation that requires that executives take individual responsibility for the accuracy of financial reports.
63
GDPR
General Data Protection Regulation. Data governance regulation that mandates the protection of privacy data for individuals who live in the EU.
64
Data retention policy
Specifies how long data is retained and sometimes specifies where it is stored.
65
Blank
TCP 21, 22
66
SSH Port
TCP 22
67
DNS Port
TCP 53 for zone transfers; UDP 53 for name resolution queries
68
NTP Port
UDP 123
69
BGP
Border Gateway Protocol. Enables exchange of routing information between autonomous systems. TCP 179.
70
IPSec port
Uses Internet Key Exchange (IKE) over UDP port 500
71
RDP port
TCP 3389
72
POP3, secure POP ports
TCP 110 unencrypted; TCP 995 encrypted
73
IMAP4 and encrypted IMAP ports
TCP 143 unencrypted; TCP 993 encrypted
74
SMTP and SMTP-over-TLS ports
TCP 25 unencrypted; TCP 587 for email encrypted with TLS
75
Telnet port
TCP 23
76
FTP ports
Active mode: TCP 21 for control signals, TCP 20 for data. Passive mode: TCP 21 for control signals, random TCP port for data.
77
SFTP
TCP 22. Secure FTP, inherently secure. Unlike FTPS, which just adds a layer of security with TLS. Both are secure though. Used by SSH for file transfers. Not FTPS!
78
LDAP, LDAPS
Lightweight Directory Access Protocol. LDAP TCP 389; LDAPS TCP 636. LDAP specifies the formats and methods used to query directories. Commonly used to store information for authentication.
79
SSTP ports
Secure Socket Tunneling Protocol. Encrypts VPN traffic using TLS on TCP port 443.
80
TFTP Port
Trivial File Transfer Protocol. UDP 69.
81
Kerberos port
UDP 88
82
Ping
ping -t 172.26.5.1, continuous
ping -c 4 172.26.5.1, 4 times
83
Ipconfig
ipconfig /all
ipconfig /flushdns, flush DNS cache
ipconfig /displaydns, show DNS cache
84
Ifconfig
ifconfig -a, similar to ipconfig /all
ifconfig eth0, show configuration of eth0
ifconfig eth0 promisc, enable promiscuous mode, process all traffic
ifconfig eth0 allmulti, enable multicast mode, process all multicast traffic
ifconfig eth0 -allmulti, disable multicast mode
85
Ip (tool)
ip link show, show interfaces
ip link set eth0 up, enable eth0
ip -s link, show network stats
86
Netstat
netstat -a, show all TCP and UDP ports being listened on
netstat -r, show routing table
netstat -e, show network stats
netstat -s, show network stats for specific protocols
netstat -n, show addresses and ports in numerical form
netstat -p protocol, show stats on a specific protocol
netstat, show open TCP connections
You can combine options, e.g. netstat -anp tcp
87
Tracert
Windows
tracert google.com, show hops between the system and Google
tracert -d google.com, don't resolve IP addresses to host names, makes the command faster
88
Traceroute
Linux
traceroute -n google.com, don't resolve IPs
89
Pathping
Sends pings to the hops on a route and computes statistics from the responses to those pings.
pathping -n google.com
If a hop shows 100% packet loss, chances are it is just blocking ICMP. If it really is bad, then all other hops from that point on in the path must also be dropping 100%.
90
Arp
Windows and Linux
arp, help on Windows, ARP cache on Linux
arp -a google.com, show ARP cache entry for the specified IP
arp -a, show entire cache on Windows
91
Tail
tail -n 15 /var/log/messages, show last 15 lines
tail /var/log/messages, show last 10 lines
92
Logger
Linux. Add entries to /var/log/syslog
93
Journalctl
Linux. Query the Linux system logging utility called journald.
journalctl --since "1 hour ago", show only journal entries since that time
journalctl --list-boots, show boot logs
94
FAR
False acceptance rate. Biometrics.
95
FRR
False rejection rate. Biometrics.
96
CER
Crossover error rate. Point on a graph of sensitivity (x) against error percentage (y) where FAR and FRR intersect. Increasing or decreasing sensitivity at this point will cause one of the error rates to go up and the other to go down. A lower CER means better biometric accuracy.
97
Role-BAC
Role based access control. Uses roles to manage rights and permissions for users. Roles are often implemented as groups; think Microsoft security groups. Example: admins have complete access; executives have access to data on any project on the server but can't change server settings; project managers have full control over their own projects but not any other team's projects; team members can do the work that project managers assign them but have little access outside of it.
98
Rule-BAC
Rule based access control. Uses rules. A common example is rules in routers and firewalls, which use access control lists to contain and organize the rules. Some rules are static, others might be modified on the spot.
99
DAC
Discretionary access control. Objects (files, folders, etc.) have an owner; the owner establishes access for the objects. An example is NTFS used in Windows, which allows users and administrators to restrict access to files and folders with permissions.
100
SID
Security identifier. Used in Windows discretionary access control. Long string of characters used to identify users.
101
MAC (not network)
Mandatory access control. Uses labels to determine access. Admins assign labels to objects and users. If the labels match, then the user has access. Example: SELinux. A lattice chart is used to lay out the scheme.
102
ABAC
Attribute-based access control. Evaluates attributes and grants access based on the value of these attributes. Example: Homer has the attributes employee, inspector, nuclear aware. A file server has a share called inspector that grants access to the folder for any user that has the attributes employee, inspector, nuclear aware. Many SDNs use ABAC schemes instead of rules on physical routers.
103
Conditional access
Used with traditional access control schemes but adds additional capabilities with if-then statements. Policies in conditional access use signals, which are similar to attributes in an ABAC scheme. Implemented in Microsoft Azure Active Directory.
104
Jump server
Hardened server used to access and manage devices in another network with a different security zone.
105
Screened subnet
Aka DMZ. Buffered zone between a private network and the internet. Will contain some internet facing servers surrounded by firewalls such that the internal network is protected.
106
Network address translation gateway
Hosts NAT and provides internal clients with private IPs a path to the internet.
107
Zero trust network
Doesn't trust any device by default even if the device was previously verified. Security model based on the principle of Zero trust. Can be implemented by requiring multifactor authentication.
108
UTM
Unified threat management. Single solution that combines multiple security controls. An appliance that performs URL filtering, malware inspection, content inspection, DDoS mitigation, etc.
109
MSP
Managed Service Provider. A cloud service provider that provides network connectivity management, backup and disaster recovery, growth management and planning.
110
MSSP
Managed Security Service Provider. A cloud service provider for firewall management, patch management, security audits, emergency response.
111
Fog computing
Cloud that's close to your data. Cloud + IoT = Fog computing. Immediate data stays local, so no latency. No bandwidth requirements. Private data never leaves, which minimizes security concerns. Local decisions made from local data.
112
Elasticity
Scale up, down, out and in as it is required (automatically)
113
FaaS
Function as a service. Applications are separated into individual, autonomous functions. Removes the operating system from the equation. Runs in a stateless compute container.
114
VPC
Virtual private cloud. Pool of resources created in a public cloud.
115
SDN
Software Defined Networking. (Infrastructure as code)
116
SDV
Software Defined Visibility. (infrastructure as code)
117
Deployment stages
  1. Test - Still in development
  2. QA
  3. Staging - Looks and feels like a production environment
  4. Production
118
SQL Secure coding
1. Stored procedures
119
Software diversity
Using alternative compiler paths to result in a different binary each time compiled. An exploit for one version of the binary should not affect many others.
120
Continuous Integration
Code is constantly written and merged into a central repo every day.
121
CD
Continuous delivery/deployment. Continuous delivery means automating the testing and release process: click a button and deploy the application. Continuous deployment means automatically deploying to production with no human intervention or manual checks.
122
Federation
Providing network access to third parties such as partners, suppliers, customers, etc. A federated network allows authentication between two organizations.
123
Attestation
Prove the hardware is really yours.
124
TOTP
Time based one time password. Secret key and time of day, no counter.
125
HOTP
HMAC based one time password. Based on secret key and counter.
126
Biometric authentication methods
  1. Fingerprint
  2. Retinal
  3. Iris
  4. Voice recognition
  5. Facial
  6. Gait analysis
  7. Veins
127
AAA
Identification, authentication, authorization, accounting
128
Factors of authentication
  1. Something you are
  2. Somewhere you are
  3. Something you can do - Handwriting analysis, you're special
  4. Something you know
  5. Something you have
129
Disk redundancy techniques
  1. Multipath I/O
  2. RAID
  3. Multiple drives
130
RAID types
  1. RAID 0 - Striping without parity, high performance, no fault tolerance
  2. RAID 1 - Mirroring, duplicates data for fault tolerance but requires twice the disk space
  3. RAID 5 - Striping with parity, fault tolerant and only requires an additional disk for redundancy
  4. RAID 0+1, RAID 1+0, RAID 5+1 - Multiple RAID types, combine RAID methods to increase redundancy
131
Network redundancy techniques
  1. Load balancing
  2. NIC teaming
132
Power redundancy techniques
  1. UPS
  2. Generator
  3. Dual power supply
  4. PDU - Power distribution unit, provides power to multiple power outlets, usually in a rack
133
Backup types
  1. Full
  2. Incremental - All changes since last incremental
  3. Differential - All changes since last full
134
NAS
Network attached storage. Connect to a shared storage device across the network and get file-level access to it.
135
SAN
Storage area network. Looks and feels like a local storage device. Block-level access, very efficient reading and writing.
136
HA
High availability
137
SoC
System on a chip. Multiple components running on a single chip, common with embedded systems.
138
FPGA
Field Programmable Gate Array. Integrated circuit that can be configured after manufacturing. Common in firewall logic and routers.
139
ICS
Industrial control systems. Like SCADA
140
RTOS
Real time operating system. OS with a deterministic processing schedule. No time to wait for other processes. Found in industrial equipment, automobiles, and military environments. Extremely sensitive to security issues.
141
SIM
Subscriber identity module. SIM card.
142
Narrowband
Form of embedded system communication. Communicate analog signals over a narrow range of frequencies.
143
Baseband
Form of embedded systems communication. Generally a single cable with a digital signal, copper or fiber. Uses all bandwidth; utilization is either 0% or 100%.
144
Air gap
Physical separation between networks.
144
Zigbee
IoT networking open standard. Alternative to WiFi or Bluetooth. Longer distances than Bluetooth, less power consumption than WiFi.
144
Cipher
Algorithm used to encrypt and/or decrypt
145
Ciphertext
Encrypted message
146
Key strengthening techniques
  1. Key stretching - Larger keys tend to be more secure
147
HE
Homomorphic encryption. Perform calculations on data while it's encrypted.
148
Symmetric vs asymmetric encryption
  1. Asymmetric - Doesn't scale well
  2. Symmetric is faster
149
ECC
Elliptic curve cryptography. Asymmetric.
150
Digital signature
Prove message was not changed - Integrity. Prove source of message - Authentication. Make sure signature isn't fake - Non-repudiation.
151
PFS
Perfect forward secrecy. Refers to encryption system that changes the keys used to encrypt and decrypt.
152
Stream cipher
Encryption is done one bit or byte at a time. High speed, low hardware complexity. Used with symmetric encryption. Starting state should never be the same twice. Often combined with an IV
153
IV
Initialization vector
154
Block cipher
Encrypts fixed-length groups. Used with symmetric encryption. Different modes of operation, e.g. ECB, CBC, CTR, GCM
155
ECB
Electronic codebook. Block cipher mode of operation. Simplest mode. Each block is encrypted with the same key; identical plaintext blocks create identical ciphertext blocks.
156
CBC
Cipher block chaining. Mode of block cipher operation. Each plaintext block is XORed with the previous ciphertext block.
157
CTR
Counter. Mode of block cipher operation. Block cipher acts like a stream cipher, encrypts successive values of a counter.
158
GCM
Galois/Counter Mode. Mode of block cipher operation. Combines counter mode with Galois authentication. Very efficient encryption and authentication. Commonly used with packetized data such as in TLS.
159
SRTP
Secure Real-Time transport protocol. Secure protocol for audio and video traffic.
160
S/MIME
Secure/Multipurpose Internet Mail Extensions. Public-private key encryption mechanism that allows for the protection of the information within emails, as well as digital signatures for integrity. Requires PKI.
161
SNMPv3
Simple Network Management Protocol version 3. Secure protocol for managing network devices.
162
EDR
Endpoint detection and response. Detecting threats on an endpoint, investigating, and responding.
163
DLP
Data loss prevention
164
TPM
Trusted platform module. Specification for cryptographic functions. Hardware to help with cryptographic functions.
165
East-west and North-south traffic
East-west traffic - Traffic between devices in the same data center. North south traffic - Ingress/egress to an outside device
166
L2TP
Layer 2 tunneling protocol. Commonly implemented with IPSec. Can be used as a tunneling protocol for VPNs.
167
AH
Authentication header. Member of the IPSec protocol suite.
168
ESP
Encapsulating security payload. Member of the IPSec protocol suite.
169
IPSec modes
Transport mode. Tunnel mode.
170
QoS
Quality of service. Describes process of controlling traffic flows.
171
FIM
File integrity monitoring. Some files should never change.
172
Stateless firewall
Does not keep track of traffic flows.
173
Stateful firewall
Keeps track of traffic flows. Remembers the "state" of the session.
174
WAF
Web application firewall.
175
COPE
Corporate owned, personally enabled. Device deployment model. Employees are free to use the device as if it was their personally owned device, but the organization purchases it and owns it.
176
BYOD
Bring your own device. Device deployment model. Employees can bring their own mobile device to work and attach it to the network. The employee is responsible for selecting and supporting the device, and typically must comply with a BYOD policy when connecting to the network.
177
CYOD
Choose your own device. Device deployment model. The employee selects a device from a list of acceptable devices. The employee purchases and brings the device to work.
178
HSM
Hardware security module. High end cryptographic hardware.
179
CEO Fraud
Sending fake emails from senior executives.
180
Invoice fraud
Impersonating a trusted colleague or vendor to request payment or a money transfer.
181
Footprinting
Gathering information about computer systems and their entities.
182
Virus hoax
Typically harmless messages that spread through social engineering often using sensational claims and urging users to forward the message to warn others about a fake cyber threat.
183
Watering hole attack
Attempts to discover which **websites** a group of people are likely to visit and then infects those websites with malware that can infect the visitors.
184
Influence campaign
Hacking public opinion. Often run by nation state actors to divide individuals or persuade them. Frequently performed using social media with lots of fake or bot accounts, and relies on real users to spread the misinformation.
185
Change control meetings
Discussing changes to IT infrastructure. It is important to use standardized naming and numbering conventions to ensure efficient communication during such meetings.
186
Confusion (encryption)
Ensures ciphertext is very different from the original plaintext.
187
Diffusion (encryption)
Ensures that a small change in the plaintext results in a significant change in the ciphertext.
188
DNSSEC
Domain Name System Security Extensions. Provides a means of validating the information received from a DNS server, so that it really did come from the server that was requested and the information was not changed as it went through the network.
189
FTPS
File Transfer Protocol Secure. TCP 989, 990. Uses TLS or SSL to encrypt FTP. Unlike SFTP, not inherently secure, just an added layer of security with TLS/SSL.
190
Phishing
Creating a fake website or communication that closely resembles an authentic one to deceive users.
191
Principles of social engineering
  1. Authority
  2. Scarcity
  3. Familiarity
  4. Intimidation
  5. Consensus
  6. Urgency
  7. Trust
192
TAXII
Trusted Automated eXchange of Indicator Information. An open standard that defines a set of services and message exchanges used to share information. Provides a standard way for organizations to exchange cyber threat information.
193
STIX
Structured Threat Information eXpression. An open standard that identifies what cyber threat information organizations should share. Provides a common language for addressing a wide range of cyber threat information. STIX data is shared via TAXII.
194
Known-plaintext attack
Attacker knows both plaintext and its corresponding ciphertext. He uses this information to determine the encryption/decryption method and perhaps reveal keys. He can then decrypt all messages.
195
Chosen plaintext attack
Attacker knows the ciphertext but not all of the plaintext, only a "chosen" part of it. He then uses various techniques to attempt to decrypt the chosen part, which will allow him to decrypt all messages.
195
Ciphertext only attack
Attacker doesn't have any information on the plaintext. He must work with the ciphertext only.
196
DHCP Starvation
Attacker floods network with IP address lease requests. DHCP server runs out of IPs.
197
Horizontal Priv esc
Attacker gains access to resources that would normally only be available to a user of a higher privilege level. Does not necessarily have to be an administrator or root account.
198
Vertical Priv esc
Attacker gets administrative or root access to a system via a vulnerability
199
TOCTOU
Time of check to time of use attack. Attacker exploits a race condition in order to do something malicious with data after the operating system verifies that access is allowed (time of check) but before the operating system performs the legitimate action (time of use).
200
Rogue AP
An AP placed within a network without official authorization. Might be used to bypass security and gain access to the network, or to sniff traffic. 802.1X authentication can prevent this by requiring users to provide a username, password or other type of authentication before being allowed access to the network.
201
EAP
Authentication method for wireless networks. However, it can also be used anywhere an 802.1X server is used. Provides a method for two systems to create a secure encryption key called the pairwise master key. The systems then use the key to encrypt data between them.
202
PEAP
Protected EAP. Extra layer of protection for EAP. Encapsulates the EAP conversation in a TLS tunnel. Requires a certificate on the server but not on the clients.
203
EAP-FAST
EAP-Flexible Authentication via Secure Tunneling. Built by Cisco. Supports certificates, but they are optional.
204
EAP-TLS
Requires certificates on both the 802.1X server and the clients.
205
EAP-TTLS
EAP-Tunneled TLS. Extension of PEAP that allows systems to use older authentication methods such as PAP. Requires a certificate on the 802.1X server but not on the clients.
206
IEEE 802.1X
Requires users to authenticate when connecting to a wireless AP or plugging into a port. Can be implemented as a RADIUS or Diameter server. Supports usernames and passwords as well as certificates.
207
Enterprise mode
WPA2 mode. Forces users to authenticate with unique credentials when connecting to the network. Uses an 802.1X server, often implemented as a RADIUS server.
208
SAE
Simultaneous authentication of equals. Used in WPA3; a variant of the Dragonfly key exchange, which is based on Diffie-Hellman.
209
RADIUS Federation
Creating a federation using 802.1X and RADIUS servers
210
WPS
Wi-Fi Protected Setup. Press a button on the printer to connect to its hotspot. Enter a PIN to connect your phone to the AP.
211
IV attacks
Discover the initialization vector and use it to discover the pre-shared key.
212
Bluebugging
Bluesnarfing, but the attacker installs a backdoor, allowing them to listen to comms, send messages, etc. remotely from the victim's device.
213
VPN Tunneling Protocols
  1. IPSec in tunnel mode
  2. SSL/TLS
  3. L2TP - Layer 2 tunneling protocol
214
IPSec tunnel mode
Used as a tunneling protocol to encrypt VPN comms. In this mode both the payload and headers of the IP packet are encrypted.
215
IPSec transport mode
Only the payload of the IP packet is encrypted, not the headers. Not usually used for VPNs, unless you don't care about internal IPs being exposed.
216
ESP
Encapsulating security payload. Protocol number 50. Encrypts data in IPSec. Includes AH.
217
AH
Authentication header. Protocol number 51. Allows hosts in an IPsec communication to authenticate with each other before exchanging data.
218
VPN: Full tunnel
When connected to the VPN, all traffic regardless of destination will be tunneled through the VPN.
219
VPN: split tunnel
Admin determines which specific traffic should be tunneled through the VPN. Perhaps he will restrict it to traffic destined for the internal network only.
220
Site-to-site VPN
Uses two VPN servers to act as gateways for two geographically separated networks. The process of accessing resources in the remote network is seamless from the user's perspective.
221
Direct/remote access VPN
Allows users to access private networks via a public network. The process is NOT seamless to the user, as the user has to manually connect to the VPN server.
222
Always-on VPN
The VPN connection is established and maintained always. This opposes an on-demand connection. Can be used with both site to site VPN and direct access VPN.
223
HTML5 VPN Portal
Allows users to connect to the VPN using their web browser. Uses TLS to encrypt the session. Tends to be very resource intensive.
224
NAC
Network Access Control. Methods to ensure that devices connecting to a network meet certain predetermined characteristics. NAC performs host health checks, possibly via an agent. A VPN server will query the NAC (assuming there is one), which queries the client for a health report before the client is allowed to connect to the internal network.
225
VPN authentication methods
A VPN should ensure that only authorized users access it.
1. PAP - Password Authentication Protocol
2. CHAP - Challenge Handshake Authentication Protocol
3. RADIUS
4. TACACS+
226
PAP
Password Authentication Protocol. Used in VPNs for authentication, together with Point-to-Point Protocol (PPP), to authenticate clients. PAP allows users to authenticate with a password or PIN. However, it is sent over the network in cleartext, so it's not secure.
227
CHAP
Challenge Handshake Authentication Protocol. Used by VPNs for authentication. Uses Point-to-Point Protocol (PPP). CHAP allows users to authenticate with a shared secret. The client hashes the shared secret combined with a nonce and then sends the hash to the server. More secure than PAP because the shared secret is NOT sent in plaintext.
228
TACACS+
Terminal Access Controller Access-Control System Plus. Authentication system that is an alternative to RADIUS. Can be used by VPNs for authentication. Can be used with Kerberos. Two essential security benefits over RADIUS:
1. Encrypts the entire authentication process.
2. Uses multiple challenges and responses between the client and the server.
229
AAA Protocols
Protocols that provide authentication, authorization, and accounting.
1. RADIUS
2. TACACS+
3. Diameter
230
MDM
Mobile Device Management. Includes technologies to manage mobile devices.
231
UEM
Unified Endpoint Management. Ensures systems are up to date with patches and AV, and are secured with standard security practices. Can be used to manage mobile devices or any other device.
232
NIST RMF
Mandatory framework for US federal agencies and organizations that handle federal data. Six-step process:
1. Categorize: define the environment
2. Select: pick the appropriate controls
3. Implement: define proper implementation
4. Assess: determine if controls are working
5. Authorize: make a decision to authorize a system
6. Monitor: check for ongoing compliance
233
NIST CSF
NIST Cybersecurity Framework. Framework core: Identify, Protect, Detect, Respond, and Recover.
234
ISO/IEC 27001
Information security management. Framework that specifies the requirements for an information security management system (ISMS). Three-stage certification process for an organization to become compliant.
235
ISO 27002
Information technology security techniques. Complement to ISO 27001. While ISO 27001 identifies the requirements to become certified, ISO 27002 provides organizations with best practice guidelines.
236
ISO 27701
Privacy Information Management System (PIMS). Based on ISO 27001, it outlines a framework for managing and protecting PII. Provides organizations with guidance to comply with global privacy standards, such as the European General Data Protection Regulation (EU GDPR).
237
ISO 31000
Family of standards related to risk management. Provides guidelines that organizations can adopt to manage risk.
238
SOC 2 Type I
A report that describes an organization's systems and covers the design effectiveness of security controls on a specific date. Design effectiveness refers to how well the security controls address risks, but not necessarily how well they work when mitigating risks.
239
SOC 2 Type II
Report that describes an organization's systems and covers the security controls' operational effectiveness over a range of dates, e.g. 12 months. Operational effectiveness refers to how well the controls worked when mitigating risks during that range of dates.
240
NIST SP 800-87
Risk Management Framework for Information Systems and Organizations. Covers the Risk Management Framework (RMF). Provides organizations with a seven-step process to identify and mitigate risks.
1. Prepare
2. Categorize information systems
3. Select security controls
4. Implement security controls
5. Assess security controls
6. Authorize information systems
7. Monitor security controls
241
SLE
Single Loss Expectancy. Cost of any single loss.
242
ARO
Annual Rate of Occurrence. Indicates how many times the loss is expected to occur annually.
243
ALE
Annual Loss Expectancy. How much loss is accrued from failures over an entire year. ALE = SLE * ARO
244
Risk register
Detailed document listing information about risks. Typically includes risk scores along with recommended security controls to reduce the risk scores.
245
Risk matrix
Plots risk on a graph.
246
RPO
Recovery Point Objective. Identifies a point in time up to which data loss is acceptable; refers to databases.
247
MTBF
Mean Time Between Failures. Provides a measure of a system's reliability, usually represented in hours.
248
MTTR
Mean Time To Recover. Identifies the arithmetic mean time it takes to recover a failed system.
249
BIA
Business Impact Analysis. Important part of a Business Continuity Plan (BCP). Helps an organization identify the critical systems and components that are essential to the organization's success.
250
BCP
Business Continuity Plan. Plan that includes disaster recovery elements, which provide the steps used to return critical functions to operation after an outage.
251
RTO
Recovery Time Objective. Maximum amount of time it can take to restore a system after an outage.
252
CA
Certificate Authority. Issues, manages, validates, and revokes certificates. Can be a public CA run by a large organization (e.g. Symantec), or a single service running on a server within a private network.
253
Root certificate
First certificate created by the CA, which identifies it. If the root certificate is placed into the trusted root CA store, then all certificates issued by the CA will be trusted.
254
Intermediate CA
A CA that is created by a root CA to create certificates on the root CA's behalf.
255
Child CA
A CA that has certificates issued to it by an intermediate CA. The child CA then gives these certificates to end users and devices.
256
CSR
Certificate Signing Request. A request you send to a CA to have the CA create/sign a certificate on your behalf.
257
RA
Registration Authority. Assists in the certificate registration process; sometimes found in large organizations. An RA never issues certificates, it only assists with the registration process.
258
CRL
Certificate Revocation List. Used by the CA to revoke a certificate before its expiration date.
259
OCSP
Online Certificate Status Protocol. Allows a client to query the CA with the serial number of a certificate. The CA then responds with an answer of good, revoked, or unknown. Unknown could indicate that the certificate is a forgery.
260
Stapling
Part of Online Certificate Status Protocol (OCSP). The certificate presenter receives a timestamped OCSP response from the CA, signed with a digital signature. The certificate presenter then appends/staples the timestamped OCSP response to the certificate during the TLS handshake, which eliminates the need for clients to query the CA.
261
Public key pinning
Security mechanism designed to prevent attackers from impersonating a website using fraudulent certificates. When configured, the web server responds to HTTPS requests with an extra header that includes a list of hashes derived from the valid public keys used by the website. When clients connect to the web server, they recalculate the hashes and compare them with the ones they stored previously. If they match, the client knows this is the same web server.
262
Key escrow
Placing a copy of a private key in a safe environment, e.g. giving the key to a third party.
263
CER
Canonical Encoding Rules. One of the base formats for certificates, e.g. cert.cer
264
DER
Distinguished Encoding Rules. One of the base formats for certificates, e.g. cert.der
265
PEM
Privacy Enhanced Mail. Certificate format; despite the name, it can be used for anything.
266
P7B
Certificate format using PKCS version 7.
267
P12
Certificate format using PKCS version 12.
268
PFX
Personal Information Exchange. Certificate format, predecessor to P12.
269
CIRT
Computer Incident Response Team
270
AAAA Record
Holds a hostname and an IPv6 address; similar to an A record, but for IPv6.
271
A record
Holds a hostname and an IPv4 address.
272
PTR Record
Pointer record. Opposite of an A record, used when a client queries DNS with an IP address.
273
MX Record
Mail exchange record. Identifies a mail server used for email. Linked to the A or AAAA record of the mail server. When there is more than one mail server, the one with the lowest preference number in its MX record is the primary mail server.
274
CNAME Record
Canonical name record. Allows a single system to have multiple names associated with a single IP address.
275
SOA record
Start of authority record. Includes information about the DNS zone and some of its settings that are useful for clients to know, e.g. TTL.
276
Cyber kill chain
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. C2
7. Actions on Objectives
277
Diamond model of intrusion analysis
1. Adversary
2. Capabilities
3. Infrastructure - domain names, email addresses, IPs, etc. used by the adversary
4. Victim
278
MITRE ATT&CK
Adversarial Tactics, Techniques, and Common Knowledge. Knowledge base of tactics and techniques used in real-world attacks.